SINGLE SIGN-ON SYSTEM FOR APPLICATION PROGRAM

BACKGROUND OF THE INVENTION 

Field of the Invention 

The present invention relates to a single sign-on system 
for an application program, and particularly to a single sign-on 
system with window-based interface applied in a network-based 
application program. 

Description of the Related Art 

In a company or an organization, a computer user may be 
required to use several application programs, such as e-mail or 
database management systems, which require authorization. 
Generally, these application programs are utilized or operated
by the company employees via the network, such as the local area
network (LAN). The employees may have various authorities to
access the application programs; for example, a finance database
management system may authorize employees of the accounting
department to look up and modify the data, while no authorization
is given to employees of other departments.

Generally, sign-on information such as accounts or
passwords is required of the authorized users (that is, the
employees who operate the application programs). This makes it
easier for the users to identify their authorities in the sign-on
process of the application programs.



However, in order to establish confidence and security in 
authorization, the sign-on information should be kept secret, 
and it is preferred to use different sign-on information for 
different application programs. As a result, a user must keep
all sign-on information for each application program firmly and
clearly in mind. However, the user may fail to complete the
sign-on operation by mixing up part of the sign-on information,
or the sign-on information of different application programs,
and thus be unable to operate the application program. In
addition, if a user must use more than one application program,
it is necessary to sign on to each application program with its
respective sign-on information. This increases the time and
inconvenience of the sign-on operation.

SUMMARY OF THE INVENTION 

In view of the aforementioned problem, the present 
invention discloses a single sign-on system and method thereof 
for an application program, which solves the problems incurred 
in the sign-on process while remotely operating the application 
program via a network. In the present invention, the user
utilizes pre-saved sign-on information in a single sign-on
process to sign on to the application programs automatically.
Further, the sign-on information is updated after signing on to
the application programs successfully, so that the sign-on
information is kept up-to-date.

The present invention discloses a single sign-on system to 
remotely operate an application program via a network. The 
single sign-on system comprises: an application program server 
for saving the application program; at least one client computer 
connected to the application program server via the network,
each of the client computers receiving sign-on information,
operating the application program by signing on to the
application program server with the sign-on information, and
sending the sign-on information after signing on to the
application program server; and a single sign-on server
connected to the client computer, the single sign-on server for
receiving and saving the sign-on information from the client
computer, and sending the sign-on information to the client
computer when the client computer signs on to the application
program server.

In the above-mentioned single sign-on system, the client
computer may comprise an application program module for signing
on to the application program server with the sign-on
information and operating the application program; and a single
sign-on module for receiving the sign-on information from the
single sign-on server, sending the sign-on information to the
application program module, and sending the sign-on information
to the single sign-on server when the application program module
signs on to the application program server.

Further, in the above-mentioned single sign-on system, the
application program module may comprise a window-based
interface; the sign-on information may comprise a sign-on
password and a sign-on account; and the network may be a private
network, a local area network (LAN) or a wide area network (WAN).

The present invention also discloses a method of a single
sign-on process on a client computer for remotely operating an
application program via a network, the method comprising the
steps of: connecting and signing on to a single sign-on server
to retrieve sign-on information from the single sign-on server;
connecting and signing on to an application program server with
the sign-on information; and updating the sign-on information
by sending the sign-on information to the single sign-on server.

The aforementioned method may further comprise a step of
receiving new information, and signing on to the application
program server with the new information as the sign-on
information when failing to sign on to the application program
server with the original sign-on information.

Further, in the aforementioned method, the client computer
may comprise a window-based interface; the sign-on information
may comprise a sign-on password and a sign-on account; and the
network may be a private network, a local area network (LAN) or
a wide area network (WAN).

BRIEF DESCRIPTION OF THE DRAWINGS 

The present invention can be more fully understood by 
reading the subsequent detailed description in conjunction with 
the examples and references made to the accompanying drawings, 
wherein: 

Fig. 1 is a block diagram of the application program single 
sign-on system of an embodiment of the present invention; 

Fig. 2 is a block diagram of the client computer 100 of the 
embodiment in Fig. 1; and 

Fig. 3 is a flow chart showing the single sign-on method
of the embodiment in Fig. 1.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 

An embodiment of the single sign-on system of the present 
invention will be described hereinafter in detail in reference 
to Fig. 1 and Fig. 2.

The single sign-on system of the present invention is
utilized to perform a sign-on process while remotely operating
an application program via a network 400. In Fig. 1, numeral
100 denotes a client computer, numeral 200 denotes a single
sign-on server (SSO), and numeral 300 denotes an application
program server (AP). It should be noted that each element in
Fig. 1 is shown in a single block for simplification of the
drawing; however, the present invention is not limited to have
only one client computer 100, one SSO 200, or one AP 300. That
is, it is possible to involve more than one client computer 100,
more than one SSO 200, or more than one AP 300 in realizing the
present invention.

The AP 300 saves the application programs for users to
remotely operate. In this operating process, the client
computer 100 connects to the AP 300 to remotely operate the
application programs via the network 400, and connects to the
SSO 200 to access the sign-on information via the network 400.

In the embodiment, the client computer 100 is configured
as shown in Fig. 2, in which the client computer 100 has a single
sign-on module 110 and an application program module 120. The
application program module 120 is utilized to sign on to the AP
300 with the sign-on information, such as a sign-on account and
a sign-on password, and operate the application program in the
AP 300. The single sign-on module 110 is utilized to receive
the sign-on information from the SSO 200, send the sign-on
information to the application program module 120, and send the
sign-on information back to the SSO 200 for updating when the
application program module 110 successfully signs on to the AP
300.

In the embodiment, the application program module 120 has
a user-friendly window-based interface for convenience of
operation. Further, the sign-on information includes a sign-on
account and a sign-on password; other information corresponding
to the user identity may be included. Further, the network 400
in the present invention is, for example, a private network, a
LAN or a WAN.

In the following description, the method of a single
sign-on process based on the construction of the aforementioned
embodiment is hereinafter described in detail referring to Fig.
3.

When a user is about to remotely operate an application
program saved in the AP 300 from the window-based interface of
the client computer 100, the client computer 100 connects to and
signs on to the SSO 200 via the network 400 (step S310). The
SSO 200 checks the user identity provided in the signing step,
and sends corresponding programs and information, such as a
program generating the window-based interface and the sign-on
information including a sign-on account and a sign-on password
which is encrypted and saved in the SSO 200, to the client
computer 100 (step S320). Then, the client computer 100
activates the application program module 120 with the
interface-generating program, and decrypts the encrypted
sign-on information (step S330).

It should be noted that, in this embodiment, although the
sign-on information includes the sign-on account and the sign-on
password, the sign-on information saved in the SSO 200 may be
incomplete. As a result, a checking process is involved to
determine whether the sign-on information includes a sign-on
password (step S340). If the sign-on information is incomplete,
the user may enter new information, such as a sign-on password
(step S345), for the client computer 100 to sign on to the AP 300
successfully.

If the sign-on information is complete, or the user enters
a sign-on password, the client computer 100 connects to and signs
on to the AP 300 with the sign-on information (step S350).
However, it is not guaranteed that the sign-on information saved
in the SSO 200 or entered by the user will be accepted. For
example, the sign-on password for the application program might
have been changed while the sign-on password saved in the SSO 200
was not updated, and it is also possible for the user to mistype
the password string while entering the sign-on password. As a
result, a further checking process is involved to check whether
the sign-on password is accepted (step S360). If the sign-on
password is incorrect or out-of-date, the user may re-enter a
correct sign-on password as the new information (step S365).
Then, the AP sign-on process is completed (step S370) when the
client computer 100 successfully signs on to the AP 300, so that
the user may operate the application program on the client
computer. Finally, the client computer 100 sends the sign-on
information with the accepted sign-on password back to the SSO
200 for encryption and updating (step S380), so that the sign-on
information may be up-to-date for the next single sign-on
procedure.
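
The flow of steps S310 to S380 can be sketched as follows. This is an added
example, not code from the patent: the class and function names, the in-memory
stand-ins for the SSO 200 and the AP 300, and the bounded number of password
prompts (max_prompts) are assumptions, and the encryption and decryption of
steps S320, S330 and S380 are left out.

```python
import hmac


class AppServer:
    """Hypothetical stand-in for the AP 300: accepts one account/password pair."""
    def __init__(self, account, password):
        self._account, self._password = account, password

    def sign_on(self, account, password):
        ok_acct = hmac.compare_digest(account.encode(), self._account.encode())
        ok_pw = hmac.compare_digest(password.encode(), self._password.encode())
        return ok_acct and ok_pw


class SsoServer:
    """Hypothetical stand-in for the SSO 200: per-user sign-on information."""
    def __init__(self, initial):
        self._store = {u: dict(i) for u, i in initial.items()}
        self.updates = 0                          # number of S380 write-backs

    def fetch(self, user):                        # S320: hand out saved info
        return dict(self._store.get(user, {}))

    def update(self, user, info):                 # S380: save accepted info
        self._store[user] = dict(info)
        self.updates += 1


def single_sign_on(user, sso, ap, prompt, max_prompts=3):
    """Run S310-S380; prompt() returns a password typed by the user."""
    info = sso.fetch(user)                        # S310-S330
    prompts = 0
    if not info.get("password"):                  # S340: password missing?
        info["password"] = prompt()               # S345
        prompts += 1
    while not ap.sign_on(info.get("account", ""), info["password"]):  # S350/S360
        if prompts >= max_prompts:                # assumption: bounded retries
            return False                          # rejected info is never saved
        info["password"] = prompt()               # S365
        prompts += 1
    sso.update(user, info)                        # S370 reached, then S380
    return True


def demo():
    """Constructed scenario: stale password in the SSO, one mistyped retry."""
    ap = AppServer("alice", "new-pw")
    sso = SsoServer({"alice": {"account": "alice", "password": "old-pw"}})
    typed = iter(["nwe-pw", "new-pw"])
    first = single_sign_on("alice", sso, ap, lambda: next(typed))
    second = single_sign_on("alice", sso, ap, lambda: "unused")
    return first, second, sso.fetch("alice")["password"], sso.updates
```

The second call in demo() signs on without prompting, because the first call
wrote the accepted password back to the stand-in SSO.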

It should be noted that, in the present invention, the 
sign-on information is not limited to a sign-on account and 
sign-on password as described in the embodiment, and encryption 
and decryption in the client computer 100 and the SSO 200 are 
not necessary. That is, the sign-on information can be any
information corresponding to the user identity, and may not be
encrypted while saved in the SSO 200.

With the single sign-on system and method of the present
invention, the user signs on to the application programs
automatically, with a single sign-on process, to the single
sign-on server, so that no respective entry of the sign-on
information is required. If the user activates a new application
program, the single sign-on process enables the user to enter
new information to sign on to the new application, and sends the
new information to the single sign-on server for saving.
Accordingly, with the present invention, the user does not need
to keep various sign-on passwords in mind, and the respective
sign-on processes for all application programs are simplified,
so that the operation time in the sign-on process is reduced,
and the sign-on process is more convenient to the user.

While the present invention has been described with
reference to the preferred embodiments thereof, it is to be
understood that the invention is not limited to the described
embodiments or constructions. On the contrary, the invention
is intended to cover various modifications and similar
arrangements as would be apparent to those skilled in the art.
Therefore, the scope of the appended claims should be accorded
the broadest interpretation so as to encompass all such
modifications and similar arrangements.
